You your access-list probably are set up to allow echo-requests out from the internal interface but in order to get back an echo-reply you need to permit that to the external interface. The response packets are being droped by the default rule.
At 03:29 PM 4/17/2002 -0400, David Ishmael wrote: >All: > >I've got a PIX with two interfaces. The outside interface has a public >address space while the inside interface has a private address space. The >problem I'm having is that the internal devices can't ping external >(public) address mappings. For example: > >static (outside, inside) 123.123.123.123 10.10.10.123 netmask >255.255.255.255 0 0 >static (outside, inside) 123.123.123.124 10.10.10.124 netmask >255.255.255.255 0 0 > >When 10.10.10.123 tries to connect to 123.123.123.124 I get the following >error message via syslog: > >-> regular translation creation failed for tcp src >inside:10.10.10.123/3737 dst outside:123.123.123.124/110. > >I've checked to make sure that the access-list is permitting the >connection and its wide open. Any ideas on what I'm doing wrong? > >-- >David Ishmael, CCNA/IVCP >Sr. Engineer, Windward Consulting Group >2300 Corporate Park Drive >Suite 400 >Herndon, VA 20171 ><mailto:[EMAIL PROTECTED]>[EMAIL PROTECTED] >(571) 332-6234 > >"Engineers don't think outside the box, they redesign it" > >EMAIL DISCLAIMER > >The information contained in this message, and any attachment, is >confidential and proprietary information, and may be legally privileged. >It is intended for the above named recipient(s) only and is transmitted in >confidence. It should be safeguarded to prevent unauthorized, negligent, >or inadvertent use or disclosure. This message is proprietary to Windward >Consulting Group, Inc. and may not be disclosed, forwarded, distributed, >or reproduced, without the express permission of Windward. > >If this message is received in error, the sender should be notified and >the message and any attachments deleted. > >Email transmission cannot be guaranteed to be secure or error free as >information could be intercepted, corrupted, lost, destroyed, arrive late >or incomplete, or contain viruses. The sender therefore does not accept >liability for any errors or omissions in the contents of this message >which arise as a result of email transmission. > >�2002 Windward Consulting Group, Inc > >_______________________________________________ Firewalls mailing list >[EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
